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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)13 Responsive to communication(s) filed on 13 July 2001 . 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) (3 Claim(s) 1-10 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E] Claim(s) 1-10 is/are rejected. 

7) EK] Claim(s) 4,5 and 7-10 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 13 July 2001 is/are: a)D accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner, Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) Q Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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1. Claims 1-10 have been examined. 

Information Disclosure Statement 

2. The information disclosure statement (IDS) submitted on July 13, 2001 is in 
compliance with the provisions of 37 CFR 1 .97. Accordingly, the information 
disclosure statement is being considered by the examiner. 

Drawings 

3. The drawings are objected to under 37 CFR 1.84(u). According to 37 CFR 
1.84(u), different views must be numbered in consecutive Arabic numerals, 
starting with 1. The view numbering should be independent of the numbering of 
the sheets and, if possible, in the order in which they appear on the drawing 
sheets. Sheets 5 and 6 of the drawings both contain views labeled as Fig. 5. 
Because there is no mention of Fig. 6 either in the Brief Description of the 
Drawings or elsewhere in the applicant's specification, it is unclear to the 
examiner whether one of the two views in question was meant to be labeled as 
Fig. 6, or if one of the views is a replacement or correction of the other view. 
Examiner will treat Fig. 5 on sheet 5 of the drawings as the Fig. 5 mentioned in 
the specification until further clarification is presented. 



4. The drawings are objected to under 37 CFR 1.83(a). The drawings must 
show every feature of the invention specified in the claims. Therefore, the kernel, 
driver, operating system and computer readable medium of claim 7 must be 
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shown or the feature(s) canceled from the claim(s). No new matter should be 
entered. 

5. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in 
reply to the Office action to avoid abandonment of the application. Any amended 
replacement drawing sheet should include all of the figures appearing on the 
immediate prior version of the sheet, even if only one figure is being amended. 
The figure or figure number of an amended drawing should not be labeled as 
"amended." If a drawing figure is to be canceled, the appropriate figure must be 
removed from the replacement sheet, and where necessary, the remaining 
figures must be renumbered and appropriate changes made to the brief 
description of the several views of the drawings for consistency. Additional 
replacement sheets may be necessary to show the renumbering of the remaining 
figures. The replacement sheet(s) should be labeled "Replacement Sheet" in the 
page header (as per 37 CFR 1 .84(c)) so as not to obstruct any portion of the 
drawing figures. If the changes are not accepted by the examiner, the applicant 
will be notified and informed of any required corrective action in the next Office 
action. The objection to the drawings will not be held in abeyance. 

Claim Objections 

6. Claims 5 and 10 are objected to because of the following informalities: There 
is a typographical error in line 1 of claim 5, which states "An system". 
Additionally, there are several typographical errors in claim 10. Specifically, in 
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line 1 of claim 10, "An method" is used when "A method" should be used, and in 
line 17 of claim 10, the word "to" is missing in between "from said correspondent" 
and "determine whether processing". Additionally, there is a comma on line 4 of 
page 9 at the end of one of the limitations of claim 10 that should be a semi- 
colon. Also, on line 3 of claim 10, the method should recite "having the steps of 
rather than "having the step of because more than one step is recited in the 
claim as part of the method. Appropriate correction is required. As a note to 
applicant, the formatting of claim 6 differs from the formatting of all other claims 
included in the specification and may want to be fixed to be in accordance with 
the other claims. 



Claim Rejections - 35 USC §112 

7. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of the invention, and of the manner and 
process of making and using it, in such full, clear, concise, and exact terms as to enable any 
person skilled in the art to which it pertains, or with which it is most nearly connected, to make 
and use the same and shall set forth the best mode contemplated by the inventor of carrying 
out his invention. 

8. Claim 7 is rejected under 35 U.S.C. 112, first paragraph, as failing to comply 
with the enablement requirement. The claim contains subject matter which was 
not described in the specification in such a way as to enable one skilled in the art 
to which it pertains, or with which it is most nearly connected, to make and/or use 
the invention. Specifically, claim 7 refers to a driver included in a kernel of an 
operating system as a part of the claimed invention. Although applicant mentions 
a driver in an operating system in the specification, the specification has no 
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mention of including a driver in the kernel of an operating system, nor does it 
have mention of a kernel. 



9. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

10. Claims 4, 5, 8 and 9 are rejected under 35 U.S.C. 112, second paragraph, 
as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. Claim 4 recites the 
limitation of "said step of examining" in line 1 of the claim, for which there is 
insufficient antecedent basis. Claim 5 recites the limitation "said encapsulated IP 
packet" in lines 5-6 of the claim. Claim 5 also recites the limitation "said 
cryptographic transformations" in line 10 of the claim. There is insufficient 
antecedent basis for these limitations in the claim. Claim 8 recites the limitation 
"the cryptographic transformations" in line 1 of the claim, for which there is 
insufficient antecedent basis. Claim 9 recites the limitation of "secure 
communications between correspondents" in lines 1-2 of the claim. There is no 
prior mention of correspondents, or secure communication between 
correspondents in claim 5, the parent claim of claim 9. Thus, there is insufficient 
antecedent basis for the limitation in the claim. 



Claim Rejections - 35 USC § 102 
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1 1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 
that form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless -(e) the invention was described in (1) an 
application for patent, published under section 122(b), by another filed in the United States 
before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 351(a) shall 
have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under 
Article 21(2) of such treaty in the English language. 

12. Claims 1-3, 5, and 8-10 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Badamo et al. (U. S. Publication 2002/0184487). 

13. With respect to claim 1 , Badamo et al. disclose a method for providing 
cryptographic functions to data packets at the PPP layer of a network stack 
(page 4, column 1, line 19), the method including the steps of: 

Intercepting PPP datagrams inbound to said network stack and outbound 
of network stack (page 4, column 1 , lines 15-16), said PPP datagrams having at 
least one encapsulated data packet en route along the protocol stack; 

Decapsulating said PPP datagrams to retrieve said at least one 
encapsulated data packet (page 4, column 1, line 18); 

Determining whether to process said at least on data packet by examining 
said data packet (page 4, column 1, lines 56-61); 

Modifying said data packet to provide said cryptographic functions (page 
5, column 1, lines 40-42); and 
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Encapsulating said at least one data packet (page 4, column 1, line 51) for 
transmission to a next layer of said network stack (page 4, column 1 , lines 52- 
53). 



14. With respect to claim 2, Badamo et al. disclose the method of claim, wherein 
said data packet is an IP packet (page 5, column 1, lines 64-66 to page 5, 
column 2, lines 1-2; One of average skill in the art is aware that it is inherent in 
an IP packet to have a header, an address to which the IP packet is sent, and 
data for which the packet was created. This inherency is also taught in RFC 791 
of the IETF, in which they specify a datagram having data and a header in 
section 2.2, page 9 of the document, and specify the header as having 
destination and source addresses in section 3, page 14-18 of the document.) 
having a header, an address and data. 



1 5. With respect to claim 3, Badamo et al. teach the method of claim 1 wherein 
said step of modifying said data packet includes the further step of selecting an 
IPSec protocol (page 5, column 1, lines 33-34, 36-37, 41). 



16. With respect to claim 5, Badamo et al. disclose a system for processing data 
packets by providing cryptographic functions to data packets at the PPP layer of 
a network stack (page 4, column 1, line 19), said system having: 

A packet interceptor to intercept PPP datagrams inbound to said network 
stack and outbound of said stack, said PPP datagrams including at least one 
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data packet, and to decapsulate said PPP datagrams to retrieve said 
encapsulated IP packet (page 4, column 1, lines 43-54); 

A security policy manager for storing processing rules for said data 
packets and selecting at least one of the processing rules for said data packet 
(page 6, column 1, lines 20-22); and 

A processing module for processing said data packet by selecting and 
applying said cryptographic transformations on said data packet, said processing 
module in communication with said security policy manager (items 73 and 74; 
page 6, column 1, lines 27-29); 

Wherein PPP datagrams are intercepted in accordance with said 
processing rules (page 5, column 1, lines 33-34; the IPSec protocol is the 
protocol from which the processing rules and cryptographic transformations are 
implemented.). 

17. With respect to claim 8, Badamo et al. teach the system of claim 5, wherein 
the cryptographic transformations are implemented using an IPSec protocol by 
said processing module (page 5, column 1, lines 33-34, 36-37, 41). 

18. With respect to claim 9, Badamo et al. teach the system of claim 5, wherein 
secure communications between correspondents is provided via a virtual private 
network (page 1, column 2, lines 8-9). 
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19. With respect to claim 10, Badamo et al. teach a method for providing a 
cryptographic system for communication between correspondents in a 
communication network (Fig. 1) to data packets at the PPP layer of a network 
stack, said method having the step of: 

Providing a security module in a computer readable medium (page 4, 
column 2, line 3-4 state that the processors that perform the functions of the 
security module are fast path processor subsystems, and page 5, column 2, lines 
3-4 state that fast path coprocessors are microprocessors, which are known in 
the art to be computer readable mediums.) at each of said correspondents, said 
security module having: 

A packet interceptor to intercept PPP datagrams inbound to 
said network stack and outbound of said stack, said PPP datagrams including at 
least one data packet, and to decapsulate said PPP datagrams to retrieve said 
encapsulated IP packet (page 4, column 1, lines 43-54); 

A security policy manager for storing processing rules for said data 
packets and selecting at least one of the processing rules for said data packet 
(page 6, column 1, lines 20-22); and 

A processing module for processing said data packet by selecting 
and applying said cryptographic transformations on said data packet, said 
processing module in communication with said security policy manager (items 73 
and 74; page 6, column 1, lines 27-29); 

Examining said data packets outbound from said correspondent to 
determine whether processing by said processing module is required (page 6, 
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Page 



column 1, lines 55-58; The ingress and egress processors are used to process 
incoming and outgoing packets.); and 

Examining inbound data packets to said correspondent to determine 
whether processing by said processing module is required by checking whether 
said data packets include cryptographic functions (page 6, column 1, lines 55- 
58). 

Claim Rejections - 35 USC § 103 

20. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 1 02 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

21. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Badamo et al. (U.S. Publication No. 2002/0184487) in view of Ylonen et al. (U.S. 
Patent 6,438,612). 

22. With respect to claim 4, Badamo teaches the limitations of claim 1 , from 
which 4 is a dependent claim. Badamo does not teach the further extrapolation 
of claim 1 , wherein the step of modifying the data packet includes further steps of 
checking the header information and acting upon said information. Ylonen et al. 
discloses further steps of modifying the data packet: 
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Checking header information of outbound packets to the network stack to 
determine if processing applies (column 8, lines 11-15; Ylonen et al. state that 
the selectors are used to determine if processing applies. According to column 
4, lines 61-62, the selectors are specified by the security association. According 
to column 8, lines 15-18, the values that specify which security association is 
relevant is obtained in the header of the packet. Because the selectors are 
obtained from the security association, and the security association is obtained 
from the header of the packet, it can be said that the selectors can be obtained 
from the header of the packet); and 

Checking header information of inbound packets to the network stack to 
determine if the data packets include cryptographic functions (column 8, lines 4- 
6; The VNI is selected as a 'selector 1 in the security association during the 
negotiation of applying encryption and authentication. The selectors are 
obtained from the security association, which can be obtained from values 
designated in the packet header, as mentioned above. By checking if the 
security association specifies a VNI, the transmitting device is checking the 
outbound packet's cryptographic functions). 

Both Badamo et al. and Ylonen et al. are analogous art because both are 
in the field of secure communications networks. It would have been obvious to 
one of average skill in the art at the time of the invention to combine the step of 
Ylonen et al. with the method of Badamo et al. By doing so, the invention would 
have error-checking steps, and the likelihood of security problems encountered 
during or as a result of the invention would be decreased. 
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23. Claims 6 and 7 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Badamo et al. (U.S. Publication No. 2002/0184487) in view of Lantto et al. 
(U.S. Publication No. 2004/0054794). 

24. With respect to claims 6 and 7, Badamo et al. teach the limitations of claim 
5, which is the claim upon which claim 6 is dependent. Badamo et al. also teach 
a packet interceptor located at the PPP layer of the network stack (page 4, 
column 1 , lines 9-11). However, Badamo et al. does not explicitly teach a packet 
interceptor at the PPP layer as a software module as recited in claim 6, nor does 
he teach a packet interceptor as a driver in the kernel of an operating system as 
recited in claim 7. In the Description of Related Art, Lantto et al. discuss a well- 
known prior art network packet interceptor implemented as a software module, 
more specifically implemented as a driver included in a kernel of an operating 
system (page 2, column 2, lines 45-49). Both Badamo et al. and Lantto et al. are 
analogous art because both are in the field of secure communications networks. 
It would have been obvious to one of average skill in the art at the time of the 
invention to utilize the kernel-mode driver implementation of a packet interceptor 
of Lantto et al. with the packet interceptor of Badamo et al. in which the packet 
interceptor was located at the PPP layer of the network stack because the driver 
implementation is well-known art that is commercially accepted and used in the 
field (Lantto et al: page 2, column 2, lines 43-49). 
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Conclusion 



Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Ramya Ananthanarayanan whose telephone 
number is (571) 272-5860. The examiner can normally be reached on Monday 
through Friday, 8:30 -5. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Ayaz Sheikh can be reached on (703) 305-9648. The fax 
phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 
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